Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    24/06/2024, 16:09

General

  • Target
    098170f8ac53a4ee3c5f1dc139a125e2_JaffaCakes118.exe
  • Size
    1.7MB
  • MD5
    098170f8ac53a4ee3c5f1dc139a125e2
  • SHA1
    695c4ff94c3d3d78a485457fdccef4b86abc6c4d
  • SHA256
    f4c8bb4b55f9a38245108a08305fc2665e9b93cafc32b9230fd27540ffc246bb
  • SHA512
    8feb9330859f9807828380195c0bc06e9025453554003a4c4e87eb2ee13d77ff8119b954878c57eca1fe1101d4fc9f8782cc782fe40813ce4df772dfe1a4b2f2
  • SSDEEP
    24576:upiC2B+jEyDqSjUkVdQhY7uF2CNYXZAmxjW4BwC3sadAfI7W:2iC95RjLmJcCIDfwasI5K

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\098170f8ac53a4ee3c5f1dc139a125e2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\098170f8ac53a4ee3c5f1dc139a125e2_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4920
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://bbs.3996.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4596
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4596 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3696
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.zhaowg.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1224
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2508

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{32DACCEA-3244-11EF-BCA5-DAA7D34B912A}.dat
    Filesize
    5KB
    MD5
    65b6acc1fa76e1f8f09bdc4255c614ad
    SHA1
    72f62b0ead0b7e67a80d2ce23319af20b05bd52c
    SHA256
    7f7c5772694c8478db55a356d989d44940b291004eb9750bd6be51ddfcea7687
    SHA512
    86c25e0484edf16dee00e12be22a03d3071629154e807cd79d4140aaad5d2836e8307d372e7c0ee8d34949dee52b68ca6d22ff7e1321f9c0aa49717b14e7094b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{32DD2F12-3244-11EF-BCA5-DAA7D34B912A}.dat
    Filesize
    3KB
    MD5
    fd50f8bb80ac5549f9dca46684dfad42
    SHA1
    9837b713fad739d5c3658548a87d1f1458d674de
    SHA256
    da7b7e038f8aba67e20be7e38eb9b08579240e407588b8abc7533f8bb42c7419
    SHA512
    fb1af059c0785dd8d8686fae156a8f71af65d1adcbda2b9d743ee8968ef47365d80a748e9d6a9ba2650001b78f5817f02a05e366273e4fd1de451c62a1adf9cf